alpine 3.7
crypto weakness #270


Weakness Breakdown


This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are frequently found to be unsafe later, once they have been broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.7 crypto weakness.

// return 0 if pass good else !0
// login/pass may be "nologin"/"nopass" if compiled with no login
unsigned int CNetClient::SendPass(char * login, char * pass)
{
  int nRes;
  unsigned int nSize;
  char * szSalt;
  char * szPasswd;
  char * ok = (char *) malloc(5);

  // send login: length prefix first, then the NUL-terminated string
  nSize = strlen(login)+1;
  nRes = Send(&nSize, sizeof(unsigned int));
  nRes = Send((void *) login, nSize);

  // receive the salt the server wants the client to hash with (length prefix, then bytes)
  nRes = Recv(&nSize, sizeof(unsigned int));
  szSalt = (char *) malloc (nSize);
  nRes = Recv(szSalt, nSize);

  // The build selects one of the three assignments below by preprocessor
  // condition; only the #ifdef HAVE_PAM line survived extraction, so the
  // #else/#endif structure is reconstructed here.
#ifdef HAVE_PAM
  // PAM build: the password is copied and sent as-is
  szPasswd = strdup(pass);
#else
  // flagged line: legacy crypt(3) with the server-supplied salt (the weakness reported above)
  szPasswd = crypt(pass, szSalt);
  // the original also carries a plain-copy fallback here behind a further
  // preprocessor condition that did not survive extraction:
  // szPasswd = strdup(pass);
#endif

  // send password (hashed or plain, depending on the build)
  nSize = strlen(szPasswd)+1;
  nRes = Send(&nSize, sizeof(unsigned int));
  nRes = Send((void *) szPasswd, nSize);

  // check answer: 4-byte reply, with room kept for the terminating \0
  nRes = Recv(ok, 4+1); // preserve ending \0
  *(ok+4) = '\0';
  nRes = strcmp(ok, " ack");
  return nRes;
}

CExceptions * CNetClient::RecvExcep(const char * msg)
{
  DWORD dwArg1, dwArg2, dwErrCode, dwAux;
  char * szArg1;
  // ... (the excerpt ends here; the rest of the function is not shown)
